[PATCH v2 37/50] image: Drop IMAGE_ENABLE_SIGN/VERIFY defines

Fri May 14 23:17:03 CEST 2021

On 5/14/21 3:44 PM, Simon Glass wrote:
> Hi Alex,
> 
> On Fri, 14 May 2021 at 14:38, Alex G. <mr.nuke.me at gmail.com> wrote:
>> 
>> 
>> 
>> On 5/6/21 9:24 AM, Simon Glass wrote:
>>> Add host Kconfigs for FIT_SIGN and RSA_VERIFY. With these we can
>>> use CONFIG_IS_ENABLED() directly in the host build, so drop the
>>> unnecessary indirections IMAGE_ENABLE_SIGN and HOST_RSA_VERIFY.
>>> Also drop FIT_IMAGE_ENABLE_VERIFY which is not actually used.
>>> 
>>> Leave IMAGE_ENABLE_VERIFY_ECDSA along since this feature is
>>> incomplete and needs to be integrated with RSA.
>>> 
>>> Signed-off-by: Simon Glass <sjg at chromium.org> ---
>>> 
>>> (no changes since v1)
>>> 
>>> common/image-fit.c     |  6 +++--- common/image-sig.c     | 10
>>> +++++----- include/image.h        | 13 ++----------- 
>>> include/u-boot/ecdsa.h |  2 +- include/u-boot/rsa.h   |  4 ++-- 
>>> tools/Kconfig          | 10 ++++++++++ tools/image-host.c     |
>>> 4 ++-- 7 files changed, 25 insertions(+), 24 deletions(-)
>>> 
>>> diff --git a/common/image-fit.c b/common/image-fit.c index
>>> c13ff6bba24..e81a0858dc1 100644 --- a/common/image-fit.c +++
>>> b/common/image-fit.c @@ -1301,7 +1301,7 @@ int
>>> fit_image_verify_with_data(const void *fit, int image_noffset, 
>>> int ret;
>>> 
>>> /* Verify all required signatures */ -     if
>>> (FIT_IMAGE_ENABLE_VERIFY && +     if
>>> (CONFIG_IS_ENABLED(RSA_VERIFY) &&
>> 
>> NAK. Having verification depend directly on CONFIG_RSA_VERIFY will
>> make adding ECDSA support that much more convoluted.
> 
> Let me counter-NAK.
> 
> The ECDSA needs to be integrated into the RSA stuff, as we have done 
> with hashing. E.g. CONFIG_VERIFY that enables the feature, with a 
> driver to select which methods are supported.

Then why not add a CONFIG_(SPL_)VERIFY to this patch instead of 
replacing a common define with an algo-secific CONFIG?

> I think I mentioned that in the original review.

You did. Integrating ECDSA with RSA is orthogonal to ECDSA verification.
I like the motivation behind this cosmetic series, but it is
creating unnecessary complications to adding the ECDSA features.

     "It is relatively straightforward to add new algorithms if required.
      [...] If another algorithm is needed (such as DSA) then it can be
      placed alongside rsa.c, and its functions added to the table in
      image-sig.c also."

That's from doc/uImage.FIT/signature.txt. Seems like we're changing goal 
posts as the balls are already in the air. I want to tone down this 
series, pick a few patches that I really like, combine them with some of 
my changes and submit a co-authored series with the uncontroversial changes.

I posted a parallel series which eliminates IMAGE_ENABLE_VERIFY_ECDSA, 
and is far less intrusive. I was already trying to combine it with some 
patches in this series. Let's see how that goes

Alex